The running battle between hackers and network security professionals has moved beyond the perimeter firewall to hand-to-hand combat at individual Web and corporate servers.
And new security weapons have emerged that use ingenious methods to protect Web sites and corporate networks from external and internal security threats. Here are some of the latest tools at your disposal.
No exit
Gillian G-Server doesn’t care how the hacker got in or what changes they may have made to your Web site. Gillian Exit Control technology prevents the world from seeing the consequences of a security breach.
Gillian G-Server sits between the Web server and the router or firewall that connects the Web server to the Internet, inspecting every piece of content that goes out. The Exit Control G-Server contains a collection of digital signatures made from authorized Web content during the publication process.
Each time the site content producers publish a new or revised object, the G-Server saves a digital backup of the object along with a digital signature.
Signatures that don’t match send up a red flag, which triggers the G-Server to immediately replace a bogus page with a secure archived copy of the original, while simultaneously alerting appropriate personnel.
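The publish-then-verify flow described above, sketched as an added example (not Gillian's code or anything from the original article). A keyed HMAC-SHA256 stands in for the digital signature, and the class, method names, key and sample pages are all constructed; blocking never-published objects is an assumption of this sketch.

```python
import hashlib
import hmac

# Assumption: a keyed HMAC-SHA256 stands in for the product's "digital
# signature"; a public-key signature would slot into _sign() the same way.
SIGNING_KEY = b"constructed-demo-key"  # constructed; a real key stays off the web server


class ExitControl:
    """Publish-time signing plus egress-time verification (hypothetical names)."""

    def __init__(self, key):
        self._key = key
        self._archive = {}     # path -> trusted copy saved at publication
        self._signatures = {}  # path -> MAC over the trusted copy
        self.alerts = []       # (path, reason) for every failed egress check

    def _sign(self, path, content):
        # Bind the path into the MAC so a validly signed object cannot be
        # served under a different URL.
        msg = path.encode() + b"\x00" + content
        return hmac.new(self._key, msg, hashlib.sha256).digest()

    def publish(self, path, content):
        # Called by the content producers for each new or revised object.
        self._archive[path] = content
        self._signatures[path] = self._sign(path, content)

    def egress(self, path, outgoing):
        # Called on every object the web server is about to send out.
        expected = self._signatures.get(path)
        if expected is None:
            # Assumption: objects that were never published are blocked.
            self.alerts.append((path, "unpublished object"))
            return None
        if hmac.compare_digest(expected, self._sign(path, outgoing)):
            return outgoing
        # Mismatch: alert and serve the archived copy instead of the bogus page.
        self.alerts.append((path, "signature mismatch"))
        return self._archive[path]


def demo():
    gate = ExitControl(SIGNING_KEY)
    original = b"<html><h1>Welcome</h1></html>"  # constructed sample page
    tampered = b"<html><h1>Defaced</h1></html>"  # constructed modified copy
    gate.publish("/index.html", original)
    clean = gate.egress("/index.html", original)
    replaced = gate.egress("/index.html", tampered)
    unknown = gate.egress("/unknown.html", b"<html></html>")
    return clean, replaced, unknown, gate.alerts
```
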
Tripwire, Inc.’s Tripwire for Servers is a similar data and network integrity product. However, Tripwire for Servers takes a different approach: its software is loaded onto the server that you want to protect. It monitors all file changes, whether they originate from inside or outside the company, and reports back if a change violates predetermined policies.
Honeypots or decoys
Honeypots are designed to lure and contain an intruder on the network. Honeypots are decoy devices that can divert attacks from production systems and let security administrators study or understand what’s happening on the network. ManTrap, from Recourse, is a powerful honeypot that’s deployed next to data servers, if it’s being used to deflect internal attacks, and located off the firewall in the demilitarized zone (DMZ) if it’s being used against external threats. The majority of users deploy it internally to get suspicious activity under control.
In that scenario, a ManTrap server would be set up to look like a file server that stores intellectual property or business plans. A successful deployment of ManTrap depends on a variety of factors including quality, naming scheme, placement and security policy. For example, deceptive defenses are most effective when deployed in quantities equal to or greater than that of the production system. Honeypots can get expensive, which is why companies must pick and choose the critical servers they want to protect.
What attracts an attacker to ManTrap is configuring it to make it look more vulnerable than other servers. Once the hacker is on the decoy server, security managers can log the hacker activity and gain insight into what the intruder is trying to accomplish.
Fall into the gap
Air gap technology provides a physical gap between trusted and untrusted networks, creating an isolated path for moving files between an external server and a company’s internal network and systems. Vendors include RVT Technologies, Spearhead Technology and Whale Communications.
Whale e-Gap Web Shuttle is a nonprogrammable device that switches a memory bank between two computer hosts. The e-Gap Web Shuttle creates an air gap between the Internet and a company’s back-office systems. Companies might use e-Gap Web Shuttle between an external service running e-commerce applications, such as online banking, and internal databases that might be queried by external users.
The e-Gap system consists of the e-Gap appliance that is attached to two PC hosts, one internal and one external. The internal host connects to the company’s internal network and the external host sits in the DMZ in front of the firewall.
All URLs to Web pages are directed to a mock location on the external host. Pages do not actually reside on this host. The external host strips off the protocol headers, extracts only the content of the Secure Sockets Layer (SSL) traffic and passes it to the e-Gap Web Shuttle. The e-Gap Web Shuttle transports the encrypted data to the internal host using a toggling e-disk. The e-Gap internal host decrypts SSL traffic, authenticates the user and filters the URL content. It then passes the URL request to the company’s production Web server that resides on the back-office network.
The fix is in
Security and vulnerability assessment tools, designed to be used in-house, can detect weaknesses in an organization’s systems before problems occur and can fix those problems.
Retina 3.0, from eEye, scans, monitors, alerts and automatically fixes network security vulnerabilities. The product works on Windows NT 4.0 SP3 or higher and Windows 2000.
The software is installed on any machine within the network. The network administrator types in a range of IP addresses to scan and pushes a button. The product scans the network for vulnerabilities, software flaws and policy problems and reports any vulnerabilities.
The product’s “fix it” feature provides the network administrator with a description of any found vulnerabilities, information on how to fix them, or access to a fix-it button that can repair the vulnerability locally or remotely.
Demolishing DoS attacks
Perhaps one of the newest categories of security is products that target denial-of-service (DoS) attacks and more. By definition, DoS attacks make computer systems inaccessible by exploiting software bugs or overloading servers or networks so that legitimate users can no longer access those resources. The product category is so new that some products are still in beta test or on the cusp of entering the marketplace.
Going after one of the most malicious types of computer vandalism, the DoS attack, are Arbor Networks, of Waltham, Mass.; Mazu Networks, of Cambridge, Mass.; and Asta Networks in Seattle.
Mazu’s solution to distributed DoS attacks works via intelligent traffic analysis and filtering across the network. A monitoring device, such as a packet sniffer or packet analyzer, evaluates packets on the network at speeds up to 1 Gbit/sec. A monitoring device then determines which traffic needs to be filtered out.
The good, the bad and the ugly
The good news about all of these new security techniques is that they theoretically offer companies additional layers of security protection, providing better overall security. What this ultimately means to businesses is that additional security mechanisms can succeed where others have failed. Another plus about some of the new products is that they are optimized for a particular application, such as integrity of the Web servers.
However, as with any technology, there are pros and cons to consider. In fact, there are some downsides to implementing these new security products. For example:
They are all incremental solutions, not replacements.
They require a certain amount of expertise.
Many vendors are start-ups and there’s a risk as to how long they will be around.
There’s a concern, in many IT shops, about adding preventive controls because of associated overhead, a concern that can be easily remedied by investing in additional horsepower.
What’s too much? When does a company run the risk because of having too many products to manage?
The bottom line is that security is never a done deal. It’s a continuing process that a new crop of innovative vendors is making more interesting.
Benevolent Worms
Although the prospect of using virus technology to simplify the task of delivering patches and software updates is tempting, the dangers can outweigh the benefits when the process is too automated. For example, the improved Windows Update feature in Windows XP now allows patches and updates to be downloaded automatically, although installation is still at the user’s discretion.
Trojan horses, worms, and other malicious code forms have proven to be incredibly successful at paralyzing e-mail systems and Internet providers. It is therefore only logical to conceive of ways to use them for productive purposes, much as the Bible exhorts its readers to beat their swords into plowshares and their spears into pruning hooks.
Granted, it would be wonderful if IT administrators could distribute patches and software updates to desktops and servers as quickly as an e-mail virus can spread from one machine to the next. But is such a magic wand really a good idea?
Well, maybe not exactly. After all, unlike the human immune system, which produces defenses, or antibodies, automatically, the computer must wait for a human to analyze samples of a computer virus, prepare antidotes and vaccines for that specific situation, and only then apply the cure.
This observation alone would seem to discredit the idea of a “digital immune system” that the security community has tossed around during the past few years, but there’s an even more important point to consider. Similar to the way that autoimmune diseases turn the body’s own defenses against itself, so could one turn a virus-like software delivery system against its own computers. Although it would be difficult to monkey with the digital certificates that would conceivably be used to identify trusted patches, it’s not impossible to subvert the certificate issuing system, as Microsoft and VeriSign found to their dismay last March.
Ultimately, a virus-like software delivery system would require software publishers to deliberately put a back door into their systems, and few customers will tolerate that practice, even under shrink-wrap licensing terms. Because there’s no guarantee that such a tempting target wouldn’t be exploited by hackers, any IT manager deploying such a system would be foolhardy in the extreme.
From the operating system’s standpoint, virus behavior looks like normal behavior and does not break any of the operating system’s rules. As a result, when antivirus software tries to remove a virus, it is often obstructed by the operating system, for reasons such as “the file is in use by the system and cannot be modified” or “the virus is running inside the system”, and the virus cannot be cleaned. So when removing a virus we also need certain techniques to get around the operating system’s obstruction and remove the virus from the system successfully.
The virus removal methods discussed here are: removing the virus with a tool under safe mode, and removing the virus under pure DOS mode.
Why remove the virus under pure DOS mode?
Because the virus program runs under the operating system, or in interpreted mode in the case of script viruses such as “New Happy Time”, which cannot run in memory. The system treats it like any legitimate program, protects it, guarantees that it keeps running and prohibits modification of a running program; this is the reason the virus cannot be cleaned. Under pure DOS mode, however, even the Windows operating system cannot run, so the virus is even less able to run. Scanning and removing it at that point gets around the system and removes the virus cleanly.
Using a special tool under safe mode to remove the virus
Every edition of the Windows operating system includes a safe mode. In this mode only the most basic programs can run, and you can disable all automatic startup items to keep the virus from running. The special tool is small and compact, and it can run normally under safe mode. Its weakness is that it targets only some of the more popular viruses and cannot achieve complete virus removal.
To remove viruses cleanly, we can combine these two methods.
Removing a virus is not the same as defending against viruses, and the effort should go into protection.
Privacy-Protecting techniques
In this chapter, we will look at some proven techniques to protect your privacy when you use the Internet. Most of these techniques are simple, commonsense rules that you can put into effect immediately: choosing a good service provider, using good passwords, cleaning up after yourself online, avoiding Spam and junk email, and protecting yourself from identity theft.
Choosing a good service provider
The first and most important technique for protecting your privacy is to pick service providers who respect your privacy.
Here are some things to consider when you choose an ISP:
. Unless you take special measures to obscure the content and destinations of your Internet usage, your ISP can monitor every single web page that you visit, every email message that you send, every email message that you receive, and many other things about your Internet usage.
. If you have a dialup ISP, your ISP can also infer when you are at home, when you go on vacation, and other aspects of your schedule.
. If you check your email from work, your ISP can learn where you work.
. Many ISPs routinely monitor the actions of their subscribers for the purposes of testing equipment, learning about their user population, or collecting per-user demographics.
. Some ISPs will monitor the web sites that you visit and sell this information for the purpose of increasing their revenue. In some cases, the ISPs clearly state this policy and, in fact, use the sale of the data as a way of subsidizing the cost of Internet access. Other ISPs silently engage in this practice.
. Equipment is now on the market that allows ISPs to monitor the advertisements that are downloaded to your computer and, in some cases, replace the advertisements with different ones. This equipment is also capable of generating detailed user-level statistics.
. Some ISPs have strict policies regarding which employees have access to user data and how that data must be protected. Other ISPs have no policies at all.
. Many policies that are in use basically say “we can monitor anything that we want.” However, not all ISPs that have these policies actually monitor their users.
Picking a Great Password
Passwords are the simplest form of authentication. Passwords are a secret that you share with the computer. When you log in, you type your password to prove to the computer that you are who you claim to be. The computer ensures that the password you type matches the account that you have specified. If they match, you are allowed to proceed.
Using good passwords for your Internet service is a first line of defense for your privacy. If you pick a password that is easy to guess, then somebody who is targeting you will find it easier to gain access to your personal information. If you use the same password on a variety of different services, then a person who is able to discover the password for one of your services will be able to access other services.
Good Passwords: Locked Doors
Good passwords are passwords that are difficult to guess. The best passwords are difficult to guess because they:
-Have both uppercase and lowercase letters
-Have digits and/or punctuation characters as well as letters
-May include some control characters and/or spaces
-Are easy to remember, so they do not have to be written down
-Are at least seven or eight characters long
-Can be typed quickly, so somebody cannot determine what you type by watching over your shoulder
It is easy to pick a good password. Here are some suggestions:
-Take two short words and combine them with a special character or a number, like robot4my or eye-con.
-Put together an acronym that is special to you, like Notfsw (None of this fancy stuff works), auPEGC (All Unix programmers eat green cheese), or Ttl*Hiww (Twinkle, twinkle, little star. How I wonder what…).
Cleaning Up After Yourself
When you use the Internet, you leave traces of the web sites that you visit and the information that you see on your computer. Another person can learn a lot about the web sites that you have visited by examining your computer for these electronic footprints. This process of computer examination is called computer forensics, and it has become a hot area of research in recent years. Special-purpose programs can also examine your computer and either prepare a report, or transmit the report over the Internet to someone else.
Although it can be very hard to remove all traces of a web site that you have seen or an email message that you have downloaded, you can do a good job of cleaning up your computer with only a small amount of work. There are also a growing number of programs that can automatically clean up your computer at regular intervals, as we will see in the next chapter.
Avoiding Spam and Junk Email
Unwanted electronic mail is the number one consumer complaint on the Internet today. A 1999 study by Brightmail, a company that develops anti-spam technology, found that 84 percent of Internet users had received Spam; 42 percent loathed the time it takes to handle Spam; 30 percent found it to be a “significant invasion of privacy;” 15 percent found it offensive; and ISPs suffered account churn rates as high as 7.2 percent as a direct result of Spam.
Protect Your Email Address
To send you junk mail, a spammer must have your email address. By understanding how spammers get email addresses, you can keep your mailbox relatively Spam-free: do not put your email address on your home page, take your name out of online directories, do not post to public mailing lists, do not post to Usenet, and pick an unusual username.